Black hat hacking

I'm taking a couple of computer security related courses on Coursera. For those of you who are not familiar with Coursera, it's an online program that offers classes that anyone can take for free. The classes consist of video lectures along with quizzes and problem sets and sometimes supplementary reading material.

Currently I am taking a course in cryptography and a course in software security. I find both of them very enjoyable. The subject of computer security is fascinating both from the point of view of the defender and from that of the attacker. In the area of codes, for example, this amounts to the disciplines of cryptography and cryptanalysis, respectively. The cryptography class I am taking now teaches a little bit of both actually. It shows you how to make codes that are hard to break, and it also shows you how to break some codes that have been broken in the past, mostly for the sake of understanding how such attacks work so that you can defend against them. The Software Security class follows a similar agenda - it teaches you how to break security for the purpose of understanding how defenses must be set up.

I am becoming very interested in learning how to hack, and by hack I don't mean how to program. I mean how to dissect programs and get into the nitty-gritty details of computers and operating systems, and exploit security holes to my own advantage. I'm not interested in gaining such knowledge because I want to commit actual cyber-crimes. I am simply fascinated with the intellectual possibility of breaking security, and with the technical details of cyber-warfare. A lot of people when I say I want to learn to hack might conjure up mental images of me stealing people's credit card numbers, but that's not my intention at all. I am simply passionately curious.

I've been learning some basic black hat hacking skills, to the point where I could exploit some very insecure programs. I've been learning from my two classes, and learning about how to write viruses from Mark A. Ludwig's Little Black Book of Viruses. I'm far from being able to hack with any degree of mastery, but I'm getting some of the basic ideas, which I will share here. I believe it's against Codecall's terms of service to give tutorials on cracking, so I will try to give a basic idea of what I've been learning without revealing too much about how to do it. Basically, there are certain functions in C and C++ that are vulnerable to overflow attacks because they don't perform the necessary bounds checking, and these functions can be exploited to overwrite data used by the program. You can, for example, overwrite the program counter with the address of code that you inserted into the program with the same buffer overflow. Of course, there's the challenge of knowing where the buffers are in relation to each other, which is where tools like reverse engineering, debuggers, and NOPs come into play.
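To make the point about missing bounds checks concrete, here is an added example (my own illustration, not code from the post or from either course) of the kind of C function being described next to a hardened version. The unsafe function is shown for contrast only and is never executed; the names `greet_unsafe`, `greet_safe` and `NAME_LEN` are assumptions for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16

/* The kind of function the post alludes to: strcpy() copies until it finds
 * a NUL byte and never looks at the size of the destination. Any input of
 * 16 or more characters writes past `name` into whatever the compiler placed
 * next on the stack (other locals, saved registers, the return address).
 * Shown for contrast only; it is never called in this example. */
int greet_unsafe(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);            /* no bounds check: overflows on long input */
    printf("Hello, %s\n", name);
    return 0;
}

/* Hardened form: the copy is bounded by the destination size, and input
 * that does not fit is rejected rather than silently truncated, so the
 * caller learns that something was wrong. Returns 0 on success, -1 if the
 * input is too long to fit with its terminating NUL. */
int greet_safe(const char *input) {
    char name[NAME_LEN];
    size_t n = 0;
    /* measure the input without ever reading further than NAME_LEN bytes */
    while (n < NAME_LEN && input[n] != '\0')
        n++;
    if (n >= NAME_LEN)
        return -1;                  /* would not fit: refuse instead of overflowing */
    memcpy(name, input, n);
    name[n] = '\0';
    printf("Hello, %s\n", name);
    return 0;
}

int main(void) {
    /* constructed sample inputs: one that fits, one 40 bytes long */
    const char *short_name = "Ada";
    const char *long_name = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    greet_safe(short_name);
    if (greet_safe(long_name) != 0)
        puts("rejected over-long name instead of overflowing");
    return 0;
}
```

Compiling with the compiler's stack protector and fortification options turned on would additionally catch the unsafe version at runtime, but the real fix is the bounded copy above.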

As for cryptography and cryptanalysis, I've always been fascinated by the eternal war between code makers and code breakers, and how the integrity of codes can be decisive in warfare. It was Alan Turing's genius in code breaking that was partly responsible for the Allies' victory in World War II. Code making and breaking continued to be decisive throughout the Cold War. A very smart cryptographer or cryptanalyst can easily win a cyber-war in today's world, and I always have this thought in my mind that someday I could be that person.

Then there's Mark A. Ludwig and his book on viruses. Of course it's centered around MS-DOS, but the architecture on which the viruses are based hasn't changed much since then and the virus technologies could probably fairly easily be adapted for modern operating systems given some understanding of how those operating systems work. Ludwig gives a very interesting perspective on viruses. In his introduction, he says that viruses are not to be seen as just a nuisance; they are, in fact, the beginning of digital life, and they represent endless possibilities, the edge of a vast ocean that we have yet to sail. Viruses are worth studying, not just for their military value, but also for their analogy to biological life.

I think I would like to write some viruses, again, as an intellectual curiosity. I wouldn't send them to anyone, or if I did, they wouldn't be destructive in any way. I'm attracted to the challenge of bypassing security measures like antivirus software to get a virus to replicate on a remote machine. That sounds like it would be a much greater challenge than any of the programming I've done so far, since there would be actual software tools trying to stop me from doing it. I think what I would do is write viruses, test them on my own local network, and then publish them on my own website as a demonstration of my technical skill. I don't think there's anything illegal about that.

Well, that's all I have to write about this particular topic for now. This is an exciting new road for me, and I hope it leads me to places I never thought I'd go.